PHI-Free Lead Capture: Safe Form Fields to Use

Purpose #

If you plan to use Xtreme Automator® for marketing/lead generation without the HIPAA add-on, you must keep the platform PHI-free. This article shows exactly what to collect (safe) and what to avoid (risky).

What counts as PHI (simple explanation) #

PHI is information that can identify a person and relates to healthcare services or condition.
In practice, “Name + what I need therapy for” can become PHI once tied to your practice.

✅ Recommended “safe” lead form fields (PHI-free) #

Use these fields for marketing forms:

• First Name
• Last Name
• Email
• Phone (optional)
• Preferred day/time (optional)
• Service category (non-clinical wording only)
  Example: “Counseling Appointment” / “Consultation Request” / “New Client Inquiry”
• How did you hear about us?
• General location (city/zip)

Safe dropdown examples (non-clinical) #

Use broad categories that don’t imply diagnosis:

• “New Client Appointment”

• “Returning Client Scheduling”

• “Billing Question”

• “General Question”

🚫 Avoid these fields (high PHI risk) #

Do not include open-ended prompts like:

• “What are you seeking therapy for?”
• “Tell us your symptoms”
• “What medications are you taking?”
• “What is your diagnosis?”
• “Please describe your situation”
• File uploads (documents/images)

Avoid any form field that captures:

• Symptoms, diagnosis, medications
• Trauma history
• Treatment plan details
• Clinical notes
• Anything the client would consider “private health details”

Best practice: Remove the message box (or heavily restrict it) #

The single biggest PHI risk is a “Message” field. If you keep one, use both:

1. Short character limit (example: 120–200 chars)

2. Clear warning text directly above it

Recommended disclaimer (copy/paste) #

For your privacy, please do not include medical or clinical details here.
We’ll collect sensitive information through our secure patient portal.

What to do instead of collecting details on the form #

Use the form to capture contact info, then:

• Auto-reply: “Please share details through our secure portal”

• Include a link to the portal intake form

This keeps Xtreme Automator® PHI-free while still converting leads.

PHI-Free Lead Capture checklist #

Before publishing any form:

• No clinical questions

• No file upload fields

• No open “tell us what’s going on” message field (or limited + disclaimer)

• Automated reply directs clients to secure portal for sensitive details

• Team trained not to add clinical info into Notes/Custom Fields

What's your Reaction?

You have reacted on"PHI-Free Lead Capture: Safe Form Fields to Use"


A few seconds ago